On Thu, Jul 29, 2004 at 07:16:49PM -0400, Alan DeKok wrote:
> Dave Mussulman <[EMAIL PROTECTED]> wrote:
> > Okay, I've done that. My authorize section looks like:
> >
> > authorize {
> >
> > preprocess
> > group {
> > files
> > #sql
> > mschap
> > chap
> > }
> > eap
>
> The "group" is pretty much meaningless, because you're not doing
> anything with it.
Okay, I'll read up on that.
> > but either I'm not doing that right, or there's something more
> > complicated with EAP calling mschap directly, because it's not working
> > how I would like. I would like it to check the local files (or sql)
> > first, and fail back to mschap/AD if the login is not present.
>
> Outside, or inside of the TLS tunnel?
Inside, where the PEAP/MS-CHAPv2 supplied login is being verified.
Dave
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
